Basic terms

Question 1

Compare NSX-T with NSX-V

Answer 1

NSX-T
decoupled from VCenter
Supports : ESXI, KVM, Bare Metal, Kubernetes, AWS and Azure
supports containers
Standalone Solution
can point to VCenter in order to register hosts
NSX manager and controller are on the same appliance
Uses GENEVE for encapsulation

NSX-V 
VCenter based 
has NSX manager registered with VCenter 
Separate appliances for NSX manager and NSX Controller
Uses vSphere distributed switch
Uses VXLAN for encapsulation

Question 2

NSX Management
Control Plane
Data Plane

Answer 2

Management Plane
Three Nodes cluster of three virtual appliances
user interface
desired configuration to device

Control Plane
provided by the same NSX management cluster
dynamic state of logical routing, distributed firewall
it learns topology information and pushes it down to data plane

Date Plane 
VMs 
Containers 
NSX Edge Nodes 
NSX Transport Nodes

Question 3

NSX Manager Roles

Answer 3

Policy
Manager
Controller

Question 4

NSX Manager Cluster VIP

Answer 4

Each of the nodes in the management cluster has a dedicated IP but they are managed by a VIP that points to one Node at a time (Leader Node)

Question 5

NSX Manager Database

Answer 5

A distributed shared database to ensure all information is synchronized between all devices in the cluster. Replicated and distributed.

Question 6

NSX Controller Functions

Answer 6

Logical Switching
Logical Routing
Distributed Firewall
CCP and LCP

Question 7

CCP and LCP

Answer 7

CCP
Central control plane that exists on the NSX manager and pushes information to the local control plane that exists on nodes.

Question 8

NSX Controller Plane Shrading

Answer 8

Each Transport Node is controlled by one NSX Controller in the NSX Management cluster.

Question 9

Preparing Transport Nodes for NSX-T - Data Plane

Answer 9

On
Hypervisors
Bare Metal Servers

Transport Zone
NVDS
TEPS
VIBs

Question 10

MPA

Answer 10

Management Plane Agent
retrieves status of distributed firewall
retrieves statistics from Host

Question 11

NSX-T Segment

Answer 11

Similar to VLAN 
Identifies a layer 2 segment 
Spans multiple transport nodes 
Like a distributed port group on vSphere 
Identified by a VNI

Question 12

Distributed Router

Answer 12

Used to route traffic between multiple segments
Spans multiple Transport Nodes
Exists on Edge Nodes

Question 13

Distributed Firewall

Answer 13

Applies firewall rules directly on the VM Level

Question 14

ARP Request without NSX

ARP Request with NSX

Answer 14

Without NSX you can’t have a layer 2 network that spans a layer 3 network. A router will drop the ARP broadcast.

NSX allows layer 2 extension by using the concept of overlay and underlay.

Question 15

GENEVE and TEP

Answer 15

VMkernel port
payload - IP -MAC - VNI - IP - MAC
VNI used to identify the segment that is dropping the frame into the correct Segment aka Correct Logical Switch

Question 16

Transport Zones

Answer 16

Identifies the scope of an NSX network
A collection of transport nodes that are connected by the GENEVE overlay

When created an N-VDS will be created
Two types:
Overlay transport zone 
 each transport node can be a member of one 
 the overlay part of the network

VLAN transport zone
used with endpoints we connect directly to vlan backed distributed group
supports 802.1q

Question 17

NSX Uplink Profile

Answer 17

Has the settings for :
Teaming method
MTU
And more

Question 18

VTEP IP Pool

Answer 18

Needed to allocate IP addresses for Nodes in the Fabric

Question 19

VLAN Transport Zone

Answer 19

We can create Segments inside it
each Segment is associated with a specific VLAN
Backed port groups are being created on the ESXi Hosts
edge Nodes will connect to these Nodes

Question 20

Transport Node Profile

Answer 20

collection of settings applied to host transport Node
transport zone
uplink profile
TEP Pool

Question 21

Transport VLAN in Uplink Profile

Answer 21

The underlay VLAN connection

Question 22

Logical Switching

Answer 22

Provided by the N-VDS Switch

Question 23

NSX Controller Tables

Answer 23

MAC Table -> MAC to TEP mapping
ARP Table -> IP to MAC mapping
TEP table -> VNI to TEP to MAC mapping

Question 24

MAC Table

Answer 24

Which VTEP each mac is reachable through
After a VM is detected a MAC report is sent to the NSX controller
Distributed across all Nodes in that VNI

Question 25

ARP Table

Answer 25

ARP regular table
When an ip to mac is detected on a VM an IP report is sent to the NSX controller
Replicated across all nodes in a specific VNI
Used to suppress ARP broadcasts Locally

Question 26

VTEP Table

Answer 26

Tracks all TEPs participating in a VNI
Important for layer 2 broadcast in a VNI
Distributed to all hosts in that VNI

Question 27

Command to display tables

Answer 27

get logical-switch [uuid] mac-table
get logical-switch [uuid] arp-table
get logical-switch [uuid] vtep

Question 28

BUM

Answer 28

Broadcast
Unknown Multicast
Multicast

Question 29

BUM handling

Answer 29

Flooded inside the VNI using the VTEP table

Question 30

Routing without NSX

Answer 30

Traffic should be sent across a trunk outside ESXI and then sent back on the correct VLAN. Same as classic intervlan routing

Question 31

East West Routing with NSX-T DR

Answer 31

Kernel Module that runs on each host
Distributed to Hosts
IPv6 Support
Has a leg in each segment it is active on
Uses VTEP to Route packets to different hosts

Question 32

Single Tier Routing

Answer 32

Each Transport Node has a T0 DR
T0 DRs are connected across a Transit Overlay Link
Edge Node has a T0 DR and a Service Router (SR ) that has two connection one to Transit network and one to External network
Edge node has its own TEP too

Question 33

Services Router

Answer 33

Handles N-S routing 
NAT 
DHCP
Load Balancing 
Gateway Firewall 
VPN
Bridging 
Connects to an outside work via an external segment 
Transit link connect DR routers with SR router

Question 34

North South Packet Walk with T0 Architecture

Answer 34

Packet sent from VM to DR gateway
DR routes packet via default Route to SR [VTEP]
SR Routes packet outside via the external network

Question 35

NSX Multi Tier Routing Use Cases

Answer 35

Multi Tenant Support
Logical Separation between Provider Router and Tenant Router
Top tier is T0 gateway
Bottom tier is T1 gateway
Tenant has complete control of Tier-1 Gateway

Question 36

Multi Tier Routing Connections

Answer 36

Service Interface : from T0 GW to VLAN segment
Router Link Interface : from T1 GW to T0 GW
T0 can also connect to segments overlay

Question 37

Two Tier Routing on Same host

Answer 37

VM1 to T1 DR
T1 DR T1 to T0 GW
T0 GW to T2 DR

Question 38

Two Tier Routing on Different hosts

Answer 38

VM1 to T1 DR [inside host]
T1 DR T1 to T0 GW [inside host ]
T0 GW to T2 DR [TEP overlay]

Question 39

Two Tier Routing External

Answer 39

VM1 -> Tenant 1 T1 DR
Tenant 1 T1 DR -> T0 GW DR
T0 GW DR -> T0 SR

Question 40

SR High Availability Active Standby

Answer 40

All Traffic Flows through a single SR 
Required for Stateful Services 
Supported on T0 and T1 
one edge node is preferred 
Multiple GWs can run on each node

Question 41

NSX-T edge Nodes

Answer 41

run network services that can't be distributed 
north South connectivity 
Centralized Services:
 DHCP
NAT 
VPN 
LB
l2 bridging 
Service interface 
Gateway FW

Question 42

VLAN Segments

Answer 42

a layer 2 broadcast domain implemented as a traditional VLAN in the physical infrastructure.
this requires traffic between two VMS on two different transport nodes but attached to same VLAN backed segment gets carried over the same VLAN on physical network